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- The MAILING DATE of this communication appears on the cover sheet with the correspondence address — 
Period for Reply 

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1 .1 36 (a). In no event, however, may a reply be timely filed after SIX (6) MONTHS from the 
mailing date of this communication. 

- If the period for reply specif ted above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 

• If NO period for repry is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

• Failure to repry within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 

- Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

1)1x1 Responsive to communication(s) filed on May 21, 1999 

2a) □ This action is FINAL. 2b) jxl This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayfe, 1935 CD. 11; 453 O.G. 213. 
Disposition of Claims 

4) (xl Claim(s) 1-24 is/are pending in the application. 



4a) Of the above, claim(s) 
5)D Claim(s) 



6) 53 Claim(s) 1-24 

7) D Claim(s) 

8) D Claims 



is/are withdrawn from consideration. 

is/are allowed. 

is/are rejected. 

is/are objected to. 



are subject to restriction and/or election requirement. 



Application Papers 

9)D The specification is objected to by the Examiner. 

10) D The drawing(s) filed on is/are a) □ accepted or b)D objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a). 

1 1) D The proposed drawing correction filed on is: a)D approved b)D disapproved by the Examiner, 

If approved, corrected drawings are required in reply to this Office action. 

12) D The oath or declaration is objected to by the Examiner. 
Priority under 35 U.S.C. §§119 and 120 

13) D Acknowledgement is made of a claim for foreign priority under 35 U.S.C. § 1 19(a)-(d) or (f). 
a)D All b)D Some* c)D None of: 

1 . □ Certified copies of the priority documents have been received. 

2. □ Certified copies of the priority documents have been received in Application No. . 



3. □ Copies of the certified copies of the priority documents have been received in this National Stage 
application from the International Bureau (PCT Rule 17.2(a)). 
*See the attached detailed Office action for a list of the certified copies not received. 

14) D Acknowledgement is made of a claim for domestic priority under 35 U.S.C. § 1 19(e). 
a)D The translation of the foreign language provisional application has been received. 

15) D Acknowledgement is made of a claim for domestic priority under 35 U.S.C. §§120 and/or 121. 

Attachment(s) 

1) |)(| Notice of References Cited (PTO-892) 4) □ Interview Summary (PTO-413) Paper No(s). 

2) j)3 Notice of Draftsperson's Patent Drawing Review (PTO-948) 5) □ Notice of Informal Patent Application (PTO-1 52) 

3) j)3 Information Disclosure Statement(s) (PTO-1 449) Paper No(s). 2,3 6) O Other 
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DETAILED ACTION 



Claim Rejections - 35 USC § 103 



1 . The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all obviousness 

rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

2. Claims 1-24 are rejected under 35 U.S.C. 103(a) as being unpatentable over Traw et 

al.(US 5,949,877) in view of Traw et al.(US 6,542,610). 

Claims 1,2: Traw disclose exchanging device certificates of first and second device in 
(col.7,lines 7-13,37-43). Device certificate having a unique hardware id is disclosed by Traw in 
(col.7,lines 28-30). Traw disclose cryptographically verifying the received certificate using the 
public key of Certificate Authority and exchanging challenges created by each of first and second 
devices in (col.7,lines 25-31, 44-60). Traw disclose responding to respective challenges by signing 
received challenge,using the receiving devices's private key, private keys residing in the respective 
protected storage in each device and returning signed challenges in (col.7 5 lines 66-67;col.lines 1- 
17 and col.l0,lines 40-50). Traw disclose cryptographically verifying that received challenge 
signature is of the challenge previously sent by receiving device and establishing a key agreement 
between first and second devices in (col.8,lines 11-17). Traw disclose establishing secure 
communications if all of prior verifying steps succeed in (col.8,lines 18-29). Traw does not 



# 
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specifically disclose negotiating a two-way session encryption and mutual authentication 
requirements between first and second device. Traw patent disclose establishing initial session 
between first and second device and negotiating two way session encryption and mutual 
authentication requirements between two devices in (fig.2 and col.7 3 lines 6-25). It would have 
been obvious to person of ordinary skill in the art at the time invention was made to have pre- 
authenticated process as taught in Traw with device certificate method disclosed in Traw because 
secure communication can be achieved before actual delivery of secure contents thus adding 
security of its content. Further, it provides an assurance to each entity as to origin of its data 
sources and how data is routed to the destination thereby minimizing data compromise. 

Claim 3 : Traw disclose first established session is an authenticated connection in 
(col.8,lines 21-26). 

Claim 4: Traw disclose first established session is an encrypted connection in (col.3 5 lines 



Claim 5: Traw disclose unique hardware identifier is a machine address in (col.l0,lines 40- 



Claims 6,7:examiner takes Official notice that write-only storage,read-write storage to 
store or perform computation is well known in the art. For example (EEPROM,DRAM,etc). 
Write only EEPROM can be used to store keys and can be written into the memory by the 
encryption circuitry, but he key can not be read from any other external leads connected to the 
chip thus providing full protection of its key against outside attacks. One of ordinary skill in the 



49-52). 



50). 
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art would have been motivated to use these storage because it offers protection and data can be 
readily retrieved and access at user's discretion. 

Claim 8: Traw disclose public key of a CA is a public key of a root CA in (col.lO,lines 40- 

46). 

Claims 9-16 differs from claims 1-8 in that computer program code is claimed. It is 
inherent in system of Traw to include a software code in order to perform cryptographic 
processing. The examiner asserts that performing a cryptographic functions by a computer 
without implementation of software is not possible. 

Claims 17,1 8: Traw disclose exchanging device certificates of first and second device in 
(col.7,lines 7-13,37-43). Device certificate having a unique hardware id is disclosed by Traw in 
(col.7,lines 28-30). Traw disclose cryptographically verifying the received certificate using the 
public key of Certificate Authority and exchanging challenges created by each of first and second 
devices in (col.7,lines 25-31, 44-60). Traw disclose responding to respective challenges by signing 
received challenge,using the receiving devices' s private key, private keys residing in the respective 
protected storage in each device and returning signed challenges in (col.7,lines 66-67;col.lines 1- 
17 and col.l0,lines 40-50). Traw disclose cryptographically verifying that received challenge 
signature is of the challenge previously sent by receiving device and establishing a key agreement 
between first and second devices in (col.8,lines 11-17). Traw disclose establishing secure 
communications if all of prior verifying steps succeed in (col.8 5 lines 18-29). Traw does not 
specifically disclose negotiating a two-way session encryption and mutual authentication 
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requirements between first and second device. Traw patent disclose establishing initial session 
between first and second device and negotiating two way session encryption and mutual 
authentication requirements between two devices in (fig.2 and col.7,lines 6-25). It would have 
been obvious to person of ordinary skill in the art at the time invention was made to have pre- 
authenticated process as taught in Traw with device certificate method disclosed in Traw because 
secure communication can be achieved before actual delivery of secure contents thus adding 
security of its content. Further, it provides assurance to each entity as to origin of its data sources 
and how data is routed to the destination thereby minimizing data compromise. 

Claim 19: Traw disclose first established session is an authenticated connection in 
(col. 8,lines 21-26). 

Claim 20: Traw disclose first established session is an encrypted connection in (col.3,lines 

49-52). 

Claim 21 : Traw disclose unique hardware identifier is a machine address in (col.lO,lines 

40-50). 

Claims 22,23: examiner takes Official notice that write-only storage,read-write storage to 
store or perform computation is well known in the art. For example (EEPROM,DRAM,etc). 
Write only EEPROM can be used to store keys and can be written into the memory by the 
encryption circuitry, but he key can not be read from any other external leads connected to the 
chip thus providing full protection of its key against outside attacks. One of ordinary skill in the 
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art would have been motivated to use these storage because it offers protection and data can be 
readily retrieved and access at user's discretion. 

Claim 24: Traw disclose public key of a CA is a public key of a root CA in (col.lO,lines 

40-46). 

Conclusion 

3. The prior art made of record and not relied upon is considered pertinent to applicant's 
disclosure. . 

a. Weber et al.(US 6,178,409) disclose initial communication session before transfer of 
certificates. 

4. Any inquiry concerning this communication should be directed to Hosuk Song whose 
telephone number is (703)305-0042. The examiner can normally be reached on Tues-Fri from 
6:00 am - 4:00 pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Gail Hayes, can be reached on (703)305-971 1. 

Any inquiry of a general nature or relating to the status of this application should be 
directed to the Group receptionist whose telephone number is (703)305-3900. 

fist- ^ 

GAIL HAYES 
SUPERVISORY PATENT EXAMINER 
TECHNOLOGY CENTER 2100 



